Thursday, June 26, 2008

Some time back I came to know that wordpress blogs hosted at wordpress.com supports latex. But no such default functionality for self hosted wordpress blogs. But there are plugins (latexrender, wp-latex) which can facilitate similar things.

Monday, June 23, 2008

In continuation with my previous post (Some times yahoo is better), I followed the steps on how to install latex/tetex on my web host from here (You can also get the Installation steps from QuickInstall file in source code or access the same file from tug.org).

But the problem is that on web hosts like hostmonster you won’t have root access so you will need to modify some of the things and do a local install in your home directory.

Wednesday, April 16, 2008

Helping lost visitors? Sometimes a link provided by you may end up as 404 page or viewer might have typed wrong URL that doesn't lead correct page on your site. To help your visitors you can actually use .htaccess file (for Apache servers) to redirect all such links to a special page which will be more useful than plain "404 File Not found" error.

You can add this one line to .htaccess file (create this file if it doesn't exist)

ErrorDocument 404 /web404.html

This will redirect all queries for files not found in that directory and sub directories to web404.htmlOn that page you can provide user with:

Tuesday, April 15, 2008

You may have read about firefox's special about: pages like about:config, about:cache etc. Or you can go through Firefox about: pages to have an idea about them. There is one similar functionality in firefox which allows you to view page source of a page. You can type

What actually happened: Cross Site Scripting, when we want user to input some data (which may be html/javascript) and displays it back. So if html/script tags are not properly checked it can cause trouble. Earlier I hadn't checked for javascript, iframe inputs. So somebody just inserted an iframe as message input in my shout box. And the source of iframe contained redirection to another website. So when shouts were displayed on the page the iframe code was displayed as it is and page got redirected to other page.

Luckily I checked the page just after the day this happened, So that way i actually got chance to update this orphaned code and made some fixes.

Solution : Idea is to filter meta characters such as (< , >, ' , " etc) Which will prevent browser from processing them as part of some script, they will be processed as plain text only.So while doing in php you can do:

$shout=str_replace("

And to be on safer side we should also replace following characters: replace ( with &#40; replace ) with &#41; replace & with &amp; replace ' with &#39; replace " with &#34;

Or If you are not expecting user to input these characters then you can simply replace these with null string;

So now you can enjoy Shout Box until some new bug is found or its hacked again [;)]